task: upgrade React Native to v0.76.5 (#55)

* Upgrade react / react-native packages and example app dev dependencies

* Upgrade rest of example deps and re-add resolutions

* Upgrade native stuff and rest of the dependencies / configurations

* Fix lefthook lint issues

* Upgrade @gr4vy/node to latest compatible version (using Node 18)

* Resolve to rexml 3.3.9 to fix vulnerability

* Fix lint / types issues

* Resolve to elliptic 6.6.0 and clean up trivyignore file

.eslintrc.js

@@ -1,6 +1,6 @@
 module.exports = {
   root: true,
-  extends: ['@react-native-community', 'prettier'],
+  extends: ['@react-native', 'prettier'],
   rules: {
     'prettier/prettier': [
       'error',
@@ -14,4 +14,5 @@ module.exports = {
       },
     ],
   },
+  plugins: ['prettier'],
 }

.gitignore

@@ -24,6 +24,7 @@ DerivedData
 *.ipa
 *.xcuserstate
 project.xcworkspace
+**/.xcode.env.local
 
 # Android/IJ
 #
@@ -38,7 +39,7 @@ android.iml
 
 # Cocoapods
 #
-example/ios/Pods
+example/**/Pods
 
 # Ruby
 example/vendor/
@@ -78,3 +79,14 @@ build-native-modules-MacOS-helper-script-npm.sh
 
 # fastlane
 report.xml
+
+# testing
+/coverage
+
+# Yarn
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions

.nvmrc

@@ -1 +1 @@
-16.18.1
+18.20.5

.trivyignore

@@ -2,78 +2,6 @@
 
 # Please provide a comment with each vulnerability ID describing why it has been ignored.
 
-# fast-xml-parser (react-native)
-
-CVE-2023-34104
-
-# @sideway/formula (nodejs-mobile-react-native app)
-
-CVE-2023-25166
-
-# decode-uri-component (nodejs-mobile-react-native app)
-
-CVE-2022-38900
-
-# json5 (nodejs-mobile-react-native app)
-
-CVE-2022-46175
-
-# shell-quote (nodejs-mobile-react-native app)
-
-CVE-2021-42740
-
-# @babel/traverse (example - dev dep)
-
-CVE-2023-45133
-
-# ip (example - dev dep)
-
-CVE-2023-42282
-
-# react-devtools-core (example - dev dep)
-
-CVE-2023-5654
-
-# activesupport (example - Gem)
-
-CVE-2023-38037
-
-# semver (nodejs-mobile-react-native app)
-
-CVE-2022-25883
-
 # tough-cookie (nodejs-mobile-react-native app)
 
 CVE-2023-26136
-
-# word-wrap (nodejs-mobile-react-native app)
-
-CVE-2023-26115
-
-# rexml (react-native)
-
-CVE-2024-35176
-CVE-2024-39908
-CVE-2024-41123
-CVE-2024-41946
-CVE-2024-43398
-CVE-2024-49761
-
-# fast-xml-parser (react-native)
-
-CVE-2024-41818
-
-# micromatch (react-native)
-
-CVE-2024-4067
-
-# elliptic (react-native)
-
-CVE-2024-42459
-CVE-2024-42460
-CVE-2024-42461
-CVE-2024-48948
-
-# cross-spawn (react-native)
-
-CVE-2024-21538

babel.config.js

@@ -1,3 +1,3 @@
 module.exports = {
-  presets: ['module:metro-react-native-babel-preset'],
+  presets: ['module:@react-native/babel-preset'],
 }

example/Gemfile

@@ -3,4 +3,10 @@ source 'https://rubygems.org'
 # You may use http://rbenv.org/ or https://rvm.io/ to install and use this version
 ruby '>= 2.6.10'
 
-gem 'cocoapods', '>= 1.12.0'
+# Exclude problematic versions of cocoapods and activesupport that causes build failures.
+gem 'cocoapods', '>= 1.13', '!= 1.15.0', '!= 1.15.1'
+gem 'activesupport', '>= 6.1.7.5', '!= 7.1.0'
+gem 'xcodeproj', '< 1.26.0'
+
+# Fix vulnerabilities
+gem 'rexml', '>= 3.3.9'

example/Gemfile.lock

@@ -84,10 +84,8 @@ GEM
     netrc (0.11.0)
     nkf (0.2.0)
     public_suffix (4.0.7)
-    rexml (3.3.6)
-      strscan
+    rexml (3.4.0)
     ruby-macho (2.5.1)
-    strscan (3.1.0)
     typhoeus (1.4.1)
       ethon (>= 0.9.0)
     tzinfo (2.0.6)
@@ -104,7 +102,10 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  cocoapods (>= 1.12.0)
+  activesupport (>= 6.1.7.5, != 7.1.0)
+  cocoapods (>= 1.13, != 1.15.1, != 1.15.0)
+  rexml (>= 3.3.9)
+  xcodeproj (< 1.26.0)
 
 RUBY VERSION
    ruby 2.7.6p219

example/android/Gemfile

@@ -4,3 +4,6 @@ gem "fastlane"
 
 plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile')
 eval_gemfile(plugins_path) if File.exist?(plugins_path)
+
+# Fix vulnerabilities
+gem 'rexml', '>= 3.3.9'

example/android/Gemfile.lock

@@ -180,8 +180,7 @@ GEM
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.3.6)
-      strscan
+    rexml (3.4.0)
     rouge (2.0.7)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
@@ -194,7 +193,6 @@ GEM
     simctl (1.6.10)
       CFPropertyList
       naturally
-    strscan (3.1.0)
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
@@ -226,6 +224,7 @@ DEPENDENCIES
   fastlane-plugin-commit_android_version_bump
   fastlane-plugin-firebase_app_distribution
   fastlane-plugin-increment_version_code
+  rexml (>= 3.3.9)
 
 BUNDLED WITH
    2.1.4

example/android/app/build.gradle

@@ -1,4 +1,5 @@
 apply plugin: "com.android.application"
+apply plugin: "org.jetbrains.kotlin.android"
 apply plugin: "com.facebook.react"
 
 import com.android.build.OutputFile
@@ -9,14 +10,14 @@ import com.android.build.OutputFile
  */
 react {
     /* Folders */
-    //   The root of your project, i.e. where "package.json" lives. Default is '..'
-    // root = file("../")
-    //   The folder where the react-native NPM package is. Default is ../node_modules/react-native
-    // reactNativeDir = file("../node_modules/react-native")
-    //   The folder where the react-native Codegen package is. Default is ../node_modules/react-native-codegen
-    // codegenDir = file("../node_modules/react-native-codegen")
-    //   The cli.js file which is the React Native CLI entrypoint. Default is ../node_modules/react-native/cli.js
-    // cliFile = file("../node_modules/react-native/cli.js")
+    //   The root of your project, i.e. where "package.json" lives. Default is '../..'
+    // root = file("../../")
+    //   The folder where the react-native NPM package is. Default is ../../node_modules/react-native
+    // reactNativeDir = file("../../node_modules/react-native")
+    //   The folder where the react-native Codegen package is. Default is ../../node_modules/@react-native/codegen
+    // codegenDir = file("../../node_modules/@react-native/codegen")
+    //   The cli.js file which is the React Native CLI entrypoint. Default is ../../node_modules/react-native/cli.js
+    // cliFile = file("../../node_modules/react-native/cli.js")
 
     /* Variants */
     //   The list of variants to that are debuggable. For those we're going to
@@ -50,6 +51,9 @@ react {
     //
     //   The list of flags to pass to the Hermes compiler. By default is "-O", "-output-source-map"
     // hermesFlags = ["-O", "-output-source-map"]
+
+    /* Autolinking */
+    autolinkLibrariesWithApp()
 }
 
 /**
@@ -91,6 +95,7 @@ def reactNativeArchitectures() {
 android {
     ndkVersion rootProject.ext.ndkVersion
 
+    buildToolsVersion rootProject.ext.buildToolsVersion
     compileSdkVersion rootProject.ext.compileSdkVersion
 
     namespace "com.embedreactnativeexample"
@@ -102,14 +107,6 @@ android {
         versionName "1.0"
     }
 
-    splits {
-        abi {
-            reset()
-            enable enableSeparateBuildPerCPUArchitecture
-            universalApk false  // If true, also generate a universal APK
-            include (*reactNativeArchitectures())
-        }
-    }
     signingConfigs {
         debug {
             storeFile file('debug.keystore')
@@ -130,41 +127,15 @@ android {
             proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"
         }
     }
-
-    // applicationVariants are e.g. debug, release
-    applicationVariants.all { variant ->
-        variant.outputs.each { output ->
-            // For each separate APK per architecture, set a unique version code as described here:
-            // https://developer.android.com/studio/build/configure-apk-splits.html
-            // Example: versionCode 1 will generate 1001 for armeabi-v7a, 1002 for x86, etc.
-            def versionCodes = ["armeabi-v7a": 1, "x86": 2, "arm64-v8a": 3, "x86_64": 4]
-            def abi = output.getFilter(OutputFile.ABI)
-            if (abi != null) {  // null for the universal-debug, universal-release variants
-                output.versionCodeOverride =
-                        defaultConfig.versionCode * 1000 + versionCodes.get(abi)
-            }
-
-        }
-    }
 }
 
 dependencies {
     // The version of react-native is set by the React Native Gradle Plugin
     implementation("com.facebook.react:react-android")
 
-    implementation("androidx.swiperefreshlayout:swiperefreshlayout:1.0.0")
-
-    debugImplementation("com.facebook.flipper:flipper:${FLIPPER_VERSION}")
-    debugImplementation("com.facebook.flipper:flipper-network-plugin:${FLIPPER_VERSION}") {
-        exclude group:'com.squareup.okhttp3', module:'okhttp'
-    }
-
-    debugImplementation("com.facebook.flipper:flipper-fresco-plugin:${FLIPPER_VERSION}")
     if (hermesEnabled.toBoolean()) {
         implementation("com.facebook.react:hermes-android")
     } else {
         implementation jscFlavor
     }
 }
-
-apply from: file("../../node_modules/@react-native-community/cli-platform-android/native_modules.gradle"); applyNativeModulesAppBuildGradle(project)

example/android/app/src/debug/AndroidManifest.xml

@@ -2,12 +2,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:tools="http://schemas.android.com/tools">
 
-    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
-
     <application
         android:usesCleartextTraffic="true"
         tools:targetApi="28"
-        tools:ignore="GoogleAppIndexingWarning">
-        <activity android:name="com.facebook.react.devsupport.DevSettingsActivity" android:exported="false" />
-    </application>
+        tools:ignore="GoogleAppIndexingWarning" />
 </manifest>